PT-2023-8634 · Korenix · Korenix Jetnet Series

S. Dietz

Publicado

2023-08-31

Atualizado

2025-10-08

CVE-2023-5347

CVSS v2.0

Crítica

Vetor

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Korenix JetNet Series versions prior to 2024/01

Description The issue is related to an Improper Verification of Cryptographic Signature vulnerability in the update process of Korenix JetNet Series devices. This vulnerability can be exploited by a remote attacker to replace the whole operating system, including Trusted Executables, by sending specially crafted UDP packets to port 5010.

Recommendations For versions prior to 2024/01, update the firmware to version 2024/01 or later to resolve the issue. As a temporary workaround, consider restricting access to the update process and port 5010 to minimize the risk of exploitation.

Exploit

Correção

Use of a Broken Cryptographic Algorithm

Improper Verification of Cryptographic Signature

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-327CWE-347

Identificadores relacionados

BDU:2024-01312

CVE-2023-5347

Produtos afetados

Korenix Jetnet Series

PT-2023-8634 · Korenix · Korenix Jetnet Series

CVE-2023-5347

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 19